Age | Commit message (Collapse) | Author | |
---|---|---|---|
2012-08-22 | ssl: TLS 1.2: fix hash and signature handling | Andreas Schultz | |
with TLS 1.2 the hash and signature on a certify message can differ from the defaults. So we have to make sure to always use the hash and signature algorithm indicated in the handshake message | |||
2012-08-22 | ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash ↵ | Andreas Schultz | |
combinations | |||
2012-08-22 | ssl: Add Signature Algorithms hello extension from TLS 1.2 | Andreas Schultz | |
This is also avoids triggering some bugs in OpenSSL. | |||
2012-08-22 | ssl: Fix rizzo tests to run as intended | Ingela Anderton Andin | |
The Rizzo tests ran both SSL 3.0 and TLS 1.0 tests in the same test case but the new group structure that run all relevant test for all relevant SSL/TLS versions we need to change that to run the protocol version of the group the we are currently running. | |||
2012-08-22 | ssl: TLS-1.1 and TLS-1.2 support should not be default until R16 | Ingela Anderton Andin | |
2012-08-22 | ssl: Signture type bug | Ingela Anderton Andin | |
2012-08-22 | ssl: Add crypto support check (TLS 1.2 require sha256 support) | Ingela Anderton Andin | |
2012-08-22 | ssl: Dialyzer fixes | Ingela Anderton Andin | |
2012-08-22 | ssl: IDEA cipher is deprecated by TLS 1.2 | Ingela Anderton Andin | |
As we did not yet support IDEA ciphers and they have now become deprecated we skip supporting them altogether. | |||
2012-08-22 | ssl: Run relevant tests for all SSL/TLS versions | Ingela Anderton Andin | |
2012-08-22 | ssl: Add TLS version switches to openssl tests | Andreas Schultz | |
2012-08-22 | ssl: Enable TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: Enable mac_hash for TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: Implement TLS 1.2 signature support | Andreas Schultz | |
2012-08-22 | ssl: Make signature handling version dependant | Andreas Schultz | |
TLS 1.2 introduces changes on how signatures are calculate and encoded. This makes the signature handling version aware | |||
2012-08-22 | ssl: Fix PRF logic | Ingela Anderton Andin | |
2012-08-22 | ssl: Add TLS 1.2 cipher suites | Andreas Schultz | |
2012-08-22 | ssl: Implement and activate PRFs for TLS 1.1 and 1.2 | Andreas Schultz | |
2012-08-22 | ssl: make PRF function selectable | Andreas Schultz | |
TLS 1.2 allows to negotiate the used PRF, additional the default PRF uses a different hash. This change make the PRF selectable and hardwires the PRF for TLS < 1.2 | |||
2012-08-22 | ssl: Add TLS version paramter to verify_dh_params | Andreas Schultz | |
dh parameter verification is done differently with TLS 1.2. Prepare for that by passing the verion to verify_dh_params. | |||
2012-08-22 | ssl: Add TLS version to dec_hs/2 | Andreas Schultz | |
TLS 1.2 changes the layout of several handshake records. This adds the TLS version to dec_hs/2 so it can decode those. | |||
2012-08-22 | ssl: Add TLS version to ssl_handshake:key_exchange/3 | Andreas Schultz | |
TLS 1.2 changed the way digital signatures are done. key_exchange/3 needs to pass the version to it. | |||
2012-08-22 | ssl: Update ssl_cipher_SUITE for TLS 1.1 and TLS 1.2 | Andreas Schultz | |
now that we handle TLS 1.1+ records correctly, the test suite have to take that into account. | |||
2012-08-22 | ssl: Add TLS 1.2 block cipher IV handling | Andreas Schultz | |
2012-08-22 | ssl: Consider TLS version when building cipher blocks | Andreas Schultz | |
With TLS 1.2 the handling of the IV in cipher blocks changed. This prepares ssl_cipher:cipher/5 for that change by passing the TLS version into it and allowing generic_block_cipher_from_bin/4 to overload the IV. | |||
2012-08-22 | ssl: Calculate handshake hash only when needed | Andreas Schultz | |
TLS/SSL version before 1.2 always used a MD5/SHA combination for the handshake hashes. With TLS 1.2 the default hash is SHA256 and it is possible to negotiate a different hash. This change delays the calculation of the handshake hashes until they are really needed. At that point the hash to use should be known. For now MD5/SHA is still hard coded. | |||
2012-08-22 | public_key: Fix documentation typo | Sverker Eriksson | |
dsa -> dss | |||
2012-08-22 | public_key: Add sha224 to RSA sign/verify | Sverker Eriksson | |
2012-08-22 | crypto: Add sha224 for rsa sign/verify | Sverker Eriksson | |
2012-08-22 | crypto: Add more generic hash interface | Sverker Eriksson | |
2012-08-22 | crypto: Add sha224 | Sverker Eriksson | |
2012-08-22 | crypto: fix hmac_sha384 and add hmac test cases from RFC-4231 | Andreas Schultz | |
2012-08-22 | crypto: Add sha384 | Sverker Eriksson | |
2012-08-22 | crypto: Cleanup code for sha256 and sha512 | Sverker Eriksson | |
2012-08-22 | crypto: Add SHA256 and SHA512 based MACs | Andreas Schultz | |
2012-08-22 | public_key: Align the interface of sign and verify with crypto | Sverker Eriksson | |
2012-08-22 | public_key: Generalised API | Ingela Anderton Andin | |
2012-08-22 | public_key: Add rsa and dss hash signing support | Andreas Schultz | |
2012-08-22 | crypto: Redo interface for rsa and dss hash signing | Sverker Eriksson | |
Replace _hash functions with {digest,_} argument to existing sign/verify functions. | |||
2012-08-22 | crypto: Add rsa and dss hash signing support | Andreas Schultz | |
2012-06-20 | Merge branch 'ia/ssl/recv-bug/OTP-10118' into maint | Ingela Anderton Andin | |
* ia/ssl/recv-bug/OTP-10118: ssl: Fix bug in the handling of remote connection closure of {active,false} ssl sockets. | |||
2012-06-19 | ssl: Fix pem cache bug | Ingela Anderton Andin | |
A general case clause was put before a less general so that the less general case would never match. | |||
2012-06-15 | ssl: Fix bug in the handling of remote connection closure of {active,false} ↵ | Ingela Anderton Andin | |
ssl sockets. | |||
2012-06-13 | Merge branch 'ia/ssl/bottlenecks/OTP-10113' into maint | Ingela Anderton Andin | |
* ia/ssl/bottlenecks/OTP-10113: ssl: Test case fixes ssl: Avoid second bottleneck in supervisor ssl: File handling optimization ssl: Simpler PEM cache ssl: Refactored for readability ssl: Use md5 as file ref id instead of filenames ssl: Move ets:select bottleneck in server ssl: Renegotiate updates session id in gen_fsm state ssl: Use ordered_set in cache ssl: Move and avoid ets:select bottleneck in client ssl: Reuse session check optimization ssl: Avoid supervior bottleneck | |||
2012-06-12 | Merge branch 'ia/ssh/missing-reason-in-catch-exit/OTP-10112' into maint | Ingela Anderton Andin | |
* ia/ssh/missing-reason-in-catch-exit/OTP-10112: Improved handling of multiple closes | |||
2012-06-12 | ssl: Test case fixes | Ingela Anderton Andin | |
2012-06-08 | ssl: Avoid second bottleneck in supervisor | Ingela Anderton Andin | |
Do proc_lib:spawn_link instead of proc_lib:start_link as synchronized init is not used/needed anyway. | |||
2012-06-08 | ssl: File handling optimization | Ingela Anderton Andin | |
Avoid cach validation with file:file_info/2 as this i too expensive and causes a bottleneck in the file server. Instead we expose a new API function ssl:clear_pem_cache/0 to deal with the problem. As we think it will be of occasional use and the normal case is that the cache will be valid we think it is the right thing to do. Convert file paths to binary representation in the ssl API module to avoid uncessarry calls in file later on. Also add sanity checks for openssl versions in testsuite due to new openssl bugs. | |||
2012-06-08 | Merge branch 'lukas/otp/install_with_whitespace/OTP-10107' into maint | Lukas Larsson | |
* lukas/otp/install_with_whitespace/OTP-10107: Update to work with space in include path Update to work with whitespace in exec path | |||
2012-06-08 | Update to work with space in include path | Lukas Larsson | |
OTP-10109 |